W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: [cors] Review

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 17 Jun 2009 22:01:28 +0200
To: "Tyler Close" <tyler.close@gmail.com>
Cc: "Mark Nottingham" <mnot@mnot.net>, public-webapps@w3.org
Message-ID: <op.uvopwqp364w2qv@anne-van-kesterens-macbook.local>
On Wed, 17 Jun 2009 19:45:54 +0200, Tyler Close <tyler.close@gmail.com>  
> I believe the described heuristics provide complete coverage for
> resources behind my company's firewall. Is there a common firewall
> configuration you are concerned about?

I do not know enough about firewall setups to make an informed comment on  
that, but I do not think it is my responsibility to show that your  
proposal does not have / has flaws. If you make your proposal a bit more  
concrete and manage to convince one or vendors to support it we should  
definitely consider it, but until that time this is not much to go by, in  
my opinion.

> The proposed solution uses both heuristics and configuration, not
> relying solely on either for protection.
> If this technique can in practice provide adequate protection, it is a
> much better solution than CORS, which undermines HTTP and webarch in a
> number of ways (all discussed previously and again raised by mnot).

I do not think CORS undermines HTTP or webarch.

I do think that if your proposal would actually work that'd be pretty neat.

Anne van Kesteren
Received on Wednesday, 17 June 2009 20:02:16 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC